Psuedo User based Assignments of Mac OS-X Bundles in ZENworks 11SP2

Starting with ZENworks 11, the ZENworks Configuration Management product is able to manage multiple device platforms. In ZENworks 11, you were able to manage Windows and Linux devices. In ZENworks 11SP2 this device support was extended to encompass Macintosh OS-X. One of the major differences in functionality between Windows management and Linux/Mac management is that Mac and Linux bundles and policies can only be assigned to devices. This means that when an application is assigned, it will default to being seen by all users of the device.

The purpose of this solution is to present a means to limit the availability of the bundle to only specific users, groups or folders in the LDAP directory. This solution uses the open source ldapsearch utility provided with both Mac OS-X and Linux to populate information from the LDAP directory to local environment variables. Once these variables are set you can then use them as system requirements to control app availability. This script assumes that:

  1. The user’s local device username is the same as their enterprise directory name.

  • The end device can contact the LDAP server from their Mac when the application is executed.

This solution provides bundle templates that do the following:

  1. Ensures that the signer of the LDAP server's CA is trusted by the OS-X device

  • Ensures that the subject of the certificate maps to the correct IP in the HOSTS file

  • Uses ldapsearch to populate files that the ZENworks Adaptive Agent reads on each refresh to set special environment variables.

  • Optionally also includes the user's local group memberships on the device

  • Protects the LDAP information from tampering by regular users

For the purpose of this solution, the instructions and files are OS-X specific, however the same process should work for Linux devices as well if you wanted to create a similar set of bundles for Linux.

The zip file included includes 2 bundles templates that can be imported using the 'zman bc' command as well as a PDF file that walks through the possible changes you need to make for your environment.



How To-Best Practice
Comment List